rpms / slic3r

Clone
Source Code
GIT

#5 Security fix for CVE-2020-28591
Merged 3 years ago by churchyard. Opened 3 years ago by churchyard.
rpms/ churchyard/slic3r cve  into  rawhide

file added
+21 
@@ -0,0 +1,21 @@ 
 

+ diff --git a/xs/src/libslic3r/IO/AMF.cpp b/xs/src/libslic3r/IO/AMF.cpp
 

+ index 7433762..42e6491 100644
 

+ --- a/xs/src/libslic3r/IO/AMF.cpp
 

+ +++ b/xs/src/libslic3r/IO/AMF.cpp
 

+ @@ -344,9 +344,13 @@ void AMFParserContext::endElement(const char *name)
 

+      // Faces of the current volume:
 

+      case NODE_TYPE_TRIANGLE:
 

+          assert(m_object && m_volume);
 

+ -        m_volume_facets.push_back(atoi(m_value[0].c_str()));
 

+ -        m_volume_facets.push_back(atoi(m_value[1].c_str()));
 

+ -        m_volume_facets.push_back(atoi(m_value[2].c_str()));
 

+ +        if (strtoul(m_value[0].c_str(), nullptr, 10) < m_object_vertices.size() &&
 

+ +            strtoul(m_value[1].c_str(), nullptr, 10) < m_object_vertices.size() &&
 

+ +            strtoul(m_value[2].c_str(), nullptr, 10) < m_object_vertices.size()) {
 

+ +            m_volume_facets.push_back(atoi(m_value[0].c_str()));
 

+ +            m_volume_facets.push_back(atoi(m_value[1].c_str()));
 

+ +            m_volume_facets.push_back(atoi(m_value[2].c_str()));
 

+ +        }
 

+          m_value[0].clear();
 

+          m_value[1].clear();
 

+          m_value[2].clear();

file modified
+12 -5 
@@ -5,7 +5,7 @@ 
 

  

  Name:           slic3r
 

  Version:        1.3.0
 

- Release:        18%{?dist}
 

+ Release:        19%{?dist}
 

  Summary:        G-code generator for 3D printers (RepRap, Makerbot, Ultimaker etc.)
 

  License:        AGPLv3 and CC-BY
 

  # Images are CC-BY, code is AGPLv3
 
@@ -30,7 +30,11 @@ 
 

  # Make boost::Placeholders::_1 visible (PR#4976)
 

  Patch9:         %{name}-bind-placeholders.patch
 

  # Use boost/nowide/cstdlib.hpp instead of boost/nowide/cenv.hpp (PR#4976)
 

- Patch10:         %{name}-boost-nowide.patch
 

+ Patch10:        %{name}-boost-nowide.patch
 

+ 

+ # Security fix for CVE-2020-28591
 

+ # https://github.com/slic3r/Slic3r/pull/5063
 

+ Patch11:        %{name}-CVE-2020-28591.patch
 

  

  Source1:        %{name}.desktop
 

  Source2:        %{name}.appdata.xml
 
@@ -137,6 +141,7 @@ 
 

  %patch8 -p1
 

  %patch9 -p1
 

  %patch10 -p1
 

+ %patch11 -p1
 

  

  # Optional removals
 

  %if %{use_system_admesh}
 
@@ -245,13 +250,15 @@ 
 

  %{perl_vendorarch}/auto/Slic3r*
 

  %{_datadir}/icons/hicolor/*/apps/%{name}.png
 

  %{_datadir}/applications/%{name}.desktop
 

- %if 0%{?fedora} < 21
 

- %dir %{_datadir}/appdata
 

- %endif
 

  %{_datadir}/appdata/%{name}.appdata.xml
 

  %{_datadir}/%{name}
 

  

  %changelog
 

+ * Thu Mar 18 2021 Miro Hrončok <mhroncok@redhat.com> - 1.3.0-19
 

+ - Security fix for CVE-2020-28591
 

+ - Resolves: rhbz#1934823
 

+ - Resolves: rhbz#1934824
 

+ 

  * Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.3.0-18
 

  - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

no initial comment

Pull-Request has been merged by churchyard
3 years ago
Metadata
None
No Tags
Changes Summary 2
+21
file added
slic3r-CVE-2020-28591.patch
+12 -5
file changed
slic3r.spec
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.